If you work with mobile apps, you may already know that privacy is a hot issue. Regulators are pushing companies to improve their privacy practices, Congress is contemplating new laws, and class action lawyers are suing companies that don’t clearly disclose their practices. In the past few weeks, this focus on privacy intensified as the FTC, the California Attorney General, and even the White House weighed in with new announcements.

Two things are clear from this recent burst of activity. First, regulators are putting pressure on everyone in the mobile app ecosystem to improve their practices, so you can’t just assume that it’s your partner’s responsibility to comply. Second, with the number of regulators focusing on these issues, it’s going to be a lot harder for companies to hide. No matter what role you play in the mobile app ecosystem, you should pay attention to these developments. Here’s what you need to know.

Increased Focus on App Privacy

In February, the FTC issued a report about mobile apps directed to children. Although these apps can collect a broad range of information, the FTC noted that neither the app stores nor app developers provide enough information for parents to determine what data is collected from their children or how it is used or shared. In some cases, this could be a violation of federal law. The FTC wants all members of the kids app ecosystem to play an active role in making appropriate disclosures to parents.

Shortly after the FTC issued its report, the California Attorney General announced an agreement with the leading app stores in which the stores agreed to add a field in the app submission process for developers to post their privacy notices or a link to a privacy policy. The agreement is intended to ensure that consumers have an opportunity to access pertinent privacy information before they download an app. Moreover, the app stores have committed to provide a mechanism for consumers to report apps that don’t comply with laws or the app store’s terms of service.

And the White House also stepped into the debate by announcing a data privacy framework that establishes a “Consumer Privacy Bill of Rights.” Although the framework speaks broadly about privacy issues, several sections discuss issues that are particularly relevant to the mobile space. For example, the White House encourages app developers to collect only as much personal data as they need and to tailor their privacy disclosures to mobile screens.

5 Tips to Stay Ahead of the Regulators

Given the quickly changing legal landscape — and the growing number of government institutions that want to play a role in that landscape — it can be difficult for companies in the mobile app space to understand what is required. The following five tips address concerns that all of these institutions appear to share. Accordingly, they should form the starting point for your legal analysis when you develop and launch an app.

1. Don’t collect more than you need.

Because data can function as the currency of the digital age, there is often a tendency to collect as much data as possible. Companies think that even if they don’t have an immediate use for the data now, they might find a use (or a buyer) for it later on. Although this may be true, resist the temptation to collect more data than you need for your app to work. This is a core principle of the FTC’s “privacy by design” framework, as well as the new White House framework.

2. Disclose your privacy practices.

You need to make sure that users can easily learn what information you are collecting from them and how you are using it before they download your app. (The changes the app stores are making as a result of their agreement with the California AG will make this easier.) Make sure that your privacy notices are easy to read and tailored to the mobile setting. If you’re looking for a place to start, consider the Mobile Marketing Association’s Privacy Policy Guidelines for Mobile Apps.

3. Be careful with children.

If you collect personal information from children under 13, you need to comply with the Children’s Online Privacy Protection Act. Among other things, COPPA generally requires companies to obtain verifiable consent from parents before they collect personal information from their children. The FTC has challenged app developers for violating COPPA, and the agency’s latest report suggests that the FTC expects all members of the kids app ecosystem to play a role in complying.

4. Consider when to get consent.

Although various bills pending in Congress would require companies to get consent before collecting certain types of information, outside of COPPA, getting consent is not a uniformly applicable legal requirement yet. Nevertheless, there are some types of information (such as location-based data) for which getting consent may be a good idea. Moreover, it may be advisable to get consent at the point of collection when sensitive personal data is in play. Work with your legal counsel to determine what makes sense in your context.

5. Protect the information you collect.

Unfortunately, it’s not uncommon to read stories about major companies that experience data breaches. Data breaches can be costly to address, and they may result in lasting damage to your brand. If you are collecting information from consumers, you need to ensure you have physical, electronic, and procedural safeguards to protect that information. For example, certain data should be encrypted and you should limit access to it. Moreover, you should properly dispose of data when you no longer need it.
